[packages/arj] Add patch to fix build with -Werror=format-security

Wed Jan 30 16:57:13 CET 2013

commit bf862de247ab93f868702d4b5e2c5f7dfa6e6794
Author: Marcin Banasiak <marcin.banasiak at gmail.com>
Date:   Wed Jan 30 16:56:28 2013 +0100

    Add patch to fix build with -Werror=format-security

 arj-format-security.patch | 198 ++++++++++++++++++++++++++++++++++++++++++++++
 arj.spec                  |   2 +
 2 files changed, 200 insertions(+)
---

diff --git a/arj.spec b/arj.spec
index 05d591c..1595ce4 100644
--- a/arj.spec
+++ b/arj.spec
@@ -10,6 +10,7 @@ Source0:	http://testcase.newmail.ru/files/%{name}-%{version}.tar.gz
 # Source0-md5:	f263bf3cf6d42a8b7e85b4fb514336d3
 Patch0:		strnlen.patch
 Patch1:		%{name}-glibc.patch
+Patch2:		%{name}-format-security.patch
 BuildRequires:	autoconf
 BuildRequires:	automake
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -32,6 +33,7 @@ pakietu zna sposób funkcjonowania programu ARJ pod DOS-em.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 cd gnu
diff --git a/arj-format-security.patch b/arj-format-security.patch
new file mode 100644
index 0000000..bc172ab
--- /dev/null
+++ b/arj-format-security.patch
@@ -0,0 +1,198 @@
+diff -urN arj-3.10.22/arj_arcv.c arj-3.10.22.ne/arj_arcv.c
+--- arj-3.10.22/arj_arcv.c	2005-06-21 21:53:12.000000000 +0200
++++ arj-3.10.22.ne/arj_arcv.c	2013-01-30 16:34:20.288567626 +0100
+@@ -3652,7 +3652,7 @@
+  {
+   if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
+    error(M_DISK_FULL);
+-  if(fprintf(idxstream, lf)<0)
++  if(fprintf(idxstream, "%s", lf)<0)
+    error(M_DISK_FULL);
+  }
+  cmd_verb=ARJ_CMD_TEST;
+diff -urN arj-3.10.22/arjdisp.c arj-3.10.22.ne/arjdisp.c
+--- arj-3.10.22/arjdisp.c	2003-06-22 13:12:28.000000000 +0200
++++ arj-3.10.22.ne/arjdisp.c	2013-01-30 16:54:51.568563877 +0100
+@@ -54,19 +54,19 @@
+  textcolor(7);
+  clrscr();
+  gotoxy(2, 2);
+- scrprintf(win_top);
++ scrprintf("%s", win_top);
+  for(i=3; i<24; i++)
+  {
+-  gotoxy(2, i); scrprintf(win_border);
+-  gotoxy(79, i); scrprintf(win_border);
++  gotoxy(2, i); scrprintf("%s", win_border);
++  gotoxy(79, i); scrprintf("%s", win_border);
+  }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); scrprintf("%s", win_bottom);
+  gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ scrprintf("%s", M_ARJDISP_COPYRIGHT);
+  gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ scrprintf("%s", M_ARJDISP_DISTRIBUTION);
+  gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ scrprintf("%s", M_ARJDISP_LICENSE);
+  gotoxy(16, 10);
+  scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+  t=strtok(M_ARJDISP_INFO, msg_lf);
+@@ -78,7 +78,7 @@
+   t=strtok(NULL, msg_lf);
+  }
+  gotoxy(16, 20);
+- scrprintf(M_PRESS_ANY_KEY);
++ scrprintf("%s", M_PRESS_ANY_KEY);
+  uni_getch();
+  gotoxy(1, 24);
+ }
+@@ -96,19 +96,19 @@
+  {
+   clrscr();
+   gotoxy(2, 2);
+-  scrprintf(win_top);
++  scrprintf("%s", win_top);
+   for(i=3; i<24; i++)
+   {
+-   gotoxy(2, i); scrprintf(win_border);
+-   gotoxy(79, i); scrprintf(win_border);
++   gotoxy(2, i); scrprintf("%s", win_border);
++   gotoxy(79, i); scrprintf("%s", win_border);
+   }
+-  gotoxy(2, 24); scrprintf(win_bottom);
++  gotoxy(2, 24); scrprintf("%s", win_bottom);
+   gotoxy(10, 5);
+-  scrprintf(M_ARJDISP_COPYRIGHT);
++  scrprintf("%s", M_ARJDISP_COPYRIGHT);
+   gotoxy(10, 6);
+-  scrprintf(M_ARJDISP_DISTRIBUTION);
++  scrprintf("%s", M_ARJDISP_DISTRIBUTION);
+   gotoxy(10, 7);
+-  scrprintf(M_ARJDISP_LICENSE);
++  scrprintf("%s", M_ARJDISP_LICENSE);
+   gotoxy(16, 10);
+   scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+   gotoxy(16, 12);
+@@ -132,13 +132,13 @@
+     break;
+   }
+   gotoxy(15, 14);
+-  scrprintf(ind_top);
++  scrprintf("%s", ind_top);
+   gotoxy(15, 15);
+-  scrprintf(ind_middle);
++  scrprintf("%s", ind_middle);
+   gotoxy(15, 16);
+-  scrprintf(ind_bottom);
++  scrprintf("%s", ind_bottom);
+   gotoxy(16, 18);
+-  scrprintf(M_ARJDISP_CTR_START);
++  scrprintf("%s", M_ARJDISP_CTR_START);
+  }
+  else
+  {
+@@ -146,7 +146,7 @@
+   gotoxy(16, 15);
+   memset(progress, indo, i);
+   progress[i]='\0';
+-  scrprintf(progress);
++  scrprintf("%s", progress);
+   gotoxy(16, 18);
+   scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
+  }
+@@ -165,19 +165,19 @@
+  textcolor(7);
+  clrscr();
+  gotoxy(2, 2);
+- scrprintf(win_top);
++ scrprintf("%s", win_top);
+  for(i=3; i<24; i++)
+  {
+-  gotoxy(2, i); scrprintf(win_border);
+-  gotoxy(79, i); scrprintf(win_border);
++  gotoxy(2, i); scrprintf("%s", win_border);
++  gotoxy(79, i); scrprintf("%s", win_border);
+  }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); scrprintf("%s", win_bottom);
+  gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ scrprintf("%s", M_ARJDISP_COPYRIGHT);
+  gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ scrprintf("%s", M_ARJDISP_DISTRIBUTION);
+  gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ scrprintf("%s", M_ARJDISP_LICENSE);
+  gotoxy(16, 10);
+  scrprintf(M_FINISHED_PROCESSING, archive_name);
+  gotoxy(1, 24);
+diff -urN arj-3.10.22/arjsfx.c arj-3.10.22.ne/arjsfx.c
+--- arj-3.10.22/arjsfx.c	2005-06-21 21:53:14.000000000 +0200
++++ arj-3.10.22.ne/arjsfx.c	2013-01-30 16:38:12.380643609 +0100
+@@ -214,7 +214,7 @@
+   freopen(dev_con, m_w, stdout);
+  #if SFX_LEVEL>=ARJSFXV
+   if(ferror(stdout))
+-   msg_fprintf(stderr, M_DISK_FULL);
++   msg_fprintf(stderr, "%s", M_DISK_FULL);
+   if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
+   {
+    ticks=get_ticks()-ticks;
+diff -urN arj-3.10.22/arj_user.c arj-3.10.22.ne/arj_user.c
+--- arj-3.10.22/arj_user.c	2004-06-18 18:19:36.000000000 +0200
++++ arj-3.10.22.ne/arj_user.c	2013-01-30 16:42:56.832435935 +0100
+@@ -1059,7 +1059,7 @@
+      if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
+      {
+       msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+-      printf(lf);
++      fputs(lf, stdout);
+      }
+      else
+      {
+@@ -1294,7 +1294,7 @@
+    if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
+    {
+     msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+-    printf(lf);
++    fputs(lf, stdout);
+    }
+    else
+    {
+@@ -2303,7 +2303,7 @@
+   timestamp_to_str(timetext, &ftime_stamp);
+   msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
+   if(show_ansi_comments)
+-   printf(cmt_ptr);
++   fputs(cmt_ptr, stdout);
+   else
+    display_comment(cmt_ptr);
+   /* The sfx_setup() occurs here */
+diff -urN arj-3.10.22/rearj.c arj-3.10.22.ne/rearj.c
+--- arj-3.10.22/rearj.c	2005-06-21 21:53:14.000000000 +0200
++++ arj-3.10.22.ne/rearj.c	2013-01-30 16:44:17.368666299 +0100
+@@ -935,7 +935,7 @@
+  msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
+  msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
+  msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
+- printf(lf);
++ fputs(lf, stdout);
+  total_old_fsize+=old_fsize;
+  total_new_fsize+=new_fsize;
+  total_files++;
+diff -urN arj-3.10.22/register.c arj-3.10.22.ne/register.c
+--- arj-3.10.22/register.c	2004-04-21 09:04:10.000000000 +0200
++++ arj-3.10.22.ne/register.c	2013-01-30 16:46:12.208044161 +0100
+@@ -205,7 +205,7 @@
+  char reg_source[200];
+  int i;
+ 
+- printf(M_REGISTER_BANNER);
++ fputs(M_REGISTER_BANNER, stdout);
+  integrity_pattern[0]--;
+  build_crc32_table();
+  if(argc!=2)
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/arj.git/commitdiff/bf862de247ab93f868702d4b5e2c5f7dfa6e6794

